OMGeeky/advisory-db
1
0
Fork 0
mirror of https://github.com/OMGeeky/advisory-db.git synced 2026-02-23 15:38:27 +01:00
Code Issues Packages Projects Releases Wiki Activity

Add advisory for out-of-bounds write and uninitialized memory exposure in reorder

Browse Source
This commit is contained in:
Ammar Askar
2021-03-30 23:44:20 -07:00
parent ca8a60b7be
commit 7b3ef9f3a5
1 changed files with 28 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
crates/reorder/RUSTSEC-0000-0000.md Normal file
View File

@@ -0,0 +1,28 @@
```toml
[advisory]
id = "RUSTSEC-0000-0000"
package = "reorder"
date = "2021-02-24"
url = "https://github.com/tiby312/reorder/issues/1"
keywords = ["memory-corruption", "out-of-bounds"]
[versions]
patched = []
```
# swap_index can write out of bounds and return uninitialized memory
`swap_index` takes an iterator and swaps the items with their corresponding
indexes. It reserves capacity and sets the length of the vector based on the
`.len()` method of the iterator.
If the `len()` returned by the iterator is larger than the actual number of
elements yielded, then `swap_index` creates a vector containing uninitialized
members. If the `len()` returned by the iterator is smaller than the actual
number of members yielded, then `swap_index` can write out of bounds past
its allocated vector.
As noted by the Rust documentation, [`len()`](https://doc.rust-lang.org/std/iter/trait.ExactSizeIterator.html#method.len)
and `size_hint()` are primarily meant for optimization and incorrect values
from their implementations should not lead to memory safety violations.